Security News

November 13, 2019

Orcus RAT Author Charged in Malware Scheme

This post was originally published on this siteIn July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme. An advertisement for Orcus RAT. The accused, 36-year-old John “Armada” Revesz, has maintained that Orcus is a legitimate “Remote Administration Tool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product. […]
November 12, 2019

Dark Web

This post was originally published on this siteThe Dark Web is a network of systems connected to the Internet designed to share information securely and anonymously. These capabilities are abused by cyber criminals to enable their activities, for example selling hacking tools or purchasing stolen information such as credit card data. Be aware that your information could be floating around the Dark Web, making it easier for cyber criminals to create custom attacks targeting you..
November 12, 2019

Patch Tuesday, November 2019 Edition

This post was originally published on this siteMicrosoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches. More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning […]
November 11, 2019

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

This post was originally published on this siteOrvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and that many of the credentials were already expired. Based in Sunderland, VT. and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. The company has approximately 1,700 employees, 69 retail stores and 10 […]
November 7, 2019

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

This post was originally published on this siteHospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes. Researchers at Vanderbilt University‘s Owen Graduate School of Management took the Department of Health and Human Services (HHS) list of healthcare data breaches and used it to drill […]
November 3, 2019

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm

This post was originally published on this siteBanking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse. Part of a communication NCR sent Oct. 25 […]
October 30, 2019

Breaches at NetworkSolutions, Register.com, and Web.com

This post was originally published on this siteTop domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. “On October 16, 2019, Web.com determined that a third-party gained unauthorized access to a limited number of its computer systems in late August 2019, and as a result, account information may have been accessed,” Web.com said in a written statement. “No credit card data was compromised as a result of this incident.” The Jacksonville, Fla.-based Web.com said the […]
October 29, 2019

Takeaways from the $566M BriansClub Breach

This post was originally published on this siteReporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people. In September, an anonymous source sent KrebsOnSecurity a link to a nearly 10 gb […]
October 24, 2019

Cachet Financial Reeling from MyPayrollHR Fraud

This post was originally published on this siteWhen New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover. But on Oct. 23 — less than 24 hours before another weekly payroll rush — Pasadena, Calif.-based Cachet threw much of its customer base into disarray when it said its bank was no longer willing to risk another MyPayrollHR […]
October 22, 2019

Ransomware Hits B2B Payments Firm Billtrust

This post was originally published on this siteBusiness-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said it was consulting with law enforcement officials and with an outside security firm to determine the extent of the breach. “Our standard security and […]
October 21, 2019

Avast, NordVPN Breaches Tied to Phantom User Accounts

This post was originally published on this siteAntivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users. In a blog post today, Avast said it detected and addressed a breach lasting between May and October 2019 that appeared to target users […]
October 21, 2019

EU data watchdog raises concerns over Microsoft contracts

This post was originally published on this siteMicrosoft’s contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday.
October 21, 2019

Wirecard hires KPMG for independent audit after FT allegations

This post was originally published on this siteGerman payments company Wirecard has hired KPMG to conduct an independent audit to address allegations by the Financial Times that its finance team had sought to inflate reported sales and profits, it said on Monday.
October 21, 2019

Israel’s Upstream wins funding to expand in automotive cybersecurity

This post was originally published on this siteIsrael’s Upstream Security has secured $30 million funding from a wide range of global automakers and venture capital firms as it looks to tap into the increasingly competitive market for software to protect vehicles from hackers.
October 21, 2019

EU data watchdog raises concerns over Microsoft contracts with EU institutions

This post was originally published on this siteThe European Data Protection Supervisor said on Monday that preliminary results of its investigation into Microsoft contracts with EU institutions show serious issues over compliance with data protection rules.
October 21, 2019

Wirecard hires KPMG for independent audit after Financial Times allegations

This post was originally published on this siteGerman payments company Wirecard has hired KPMG to conduct an independent audit to address allegations by the Financial Times that its finance team had sought to inflate reported sales and profits, it said on Monday.
October 21, 2019

Gojek CEO quits to join Indonesian cabinet, replacements named

This post was originally published on this siteGojek CEO and co-founder Nadiem Makarim said on Monday he had resigned to join Indonesia’s cabinet, and the ride-hailing and payments company said two senior officials would jointly take over running operations of the $10 billion firm.
October 21, 2019

SAP in three-year cloud partnership with Microsoft

This post was originally published on this siteBusiness software group SAP said on Monday it had reached a three-year deal with Microsoft to help its large enterprise customers move their business processes into the cloud.
October 20, 2019

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

This post was originally published on this siteRussian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and U.S. officials said on Monday.
October 20, 2019

Facebook open to currency-pegged stablecoins for Libra project

This post was originally published on this siteFacebook Inc , facing growing skepticism about its digital currency project Libra, on Sunday said the initiative could use cryptocurrencies based on national currencies such as the dollar, instead of the synthetic one it initially proposed.
October 20, 2019

China’s Xiaomi says plans to launch more than 10 5G phones next year

This post was originally published on this siteChinese smartphone maker Xiaomi Corp plans to launch more than 10 5G phones in 2020, CEO Lei Jun said on Sunday, speaking at the World Internet conference in the eastern Chinese town of Wuzhen.
October 19, 2019

China’s propaganda chief says Cold War mentality hindering mutual trust in cyberspace

This post was originally published on this siteA “Cold War mentality” and “bully behavior” are hindering mutual trust in cyberspace, China’s propaganda chief said on Sunday at the start of the World Internet Conference in the eastern Chinese town of Wuzhen.
October 19, 2019

China’s next commercial rockets to make test flights in 2020, 2021: Xinhua

This post was originally published on this siteChina will launch test flights for the next two space rockets in its Smart Dragon series meant for commercial use in 2020 and 2021, the official Xinhua news agency reported on Sunday, as an expected boom in satellite deployment gathers pace.
October 19, 2019

SoftBank seeks to avoid WeWork’s liabilities with new investment: sources

This post was originally published on this siteSoftBank Group Corp is attempting to become the majority owner of WeWork without assuming the onerous lease obligations of the U.S. office-space sharing firm, according to people familiar with the matter.
October 18, 2019

Exclusive: Huawei in early talks with U.S. firms to license 5G platform – Huawei executive

This post was originally published on this siteBlacklisted Chinese telecoms equipment giant Huawei is in early-stage talks with some U.S. telecoms companies about licensing its 5G network technology to them, a Huawei executive told Reuters on Friday.